Description:
------------
We had this bug while running PHP within a shell script that runs the PHP script in a loop and, on a signal, sends the signal to the PHP process, waits for its exit and exits.
The PHP script itself uses the 7.1 feature of async signal handling to gracefully shut down.
The bug only happens within the bash script; running the PHP script within a shell and sending the signal doesn't seem to have any issue. I've reproduced it on multiple systems (OSX and multiple Linux versions).
The bash+php script is at https://gist.github.com/alex88/f2c337ea57693c2e97bff2ecc64dc8b2. If you run it and, after the PHP script prints "Start", you press Ctrl-C, you can see the segfault.
Expected result:
----------------
I expect the script to exit without a segfault.
Actual result:
--------------
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `php script.php'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x0000000000000001 in ?? ()
(gdb) bt
#0 0x0000000000000001 in ?? ()
#1 0x00005572902da267 in zend_signal_handler (signo=2, siginfo=0x7ffc82136770, context=0x7ffc82136640) at /tmp/php-src-php-7.1.4RC1/Zend/zend_signal.c:221
#2 0x00005572902d9d98 in zend_signal_handler_defer (signo=2, siginfo=0x7ffc82136770, context=0x7ffc82136640) at /tmp/php-src-php-7.1.4RC1/Zend/zend_signal.c:106
#3 <signal handler called>
#4 0x00007fbcb8ddc700 in __nanosleep_nocancel () at ../sysdeps/unix/syscall-template.S:84
#5 0x00007fbcb8ddc66a in __sleep (seconds=0) at ../sysdeps/posix/sleep.c:55
#6 0x0000557290161e71 in zif_sleep (execute_data=0x7fbcb6014090, return_value=0x7ffc82136c60) at /tmp/php-src-php-7.1.4RC1/ext/standard/basic_functions.c:4492
#7 0x0000557290301d9c in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER () at /tmp/php-src-php-7.1.4RC1/Zend/zend_vm_execute.h:628
#8 0x0000557290301679 in execute_ex (ex=0x7fbcb6014030) at /tmp/php-src-php-7.1.4RC1/Zend/zend_vm_execute.h:429
#9 0x000055729030178a in zend_execute (op_array=0x7fbcb6080000, return_value=0x0) at /tmp/php-src-php-7.1.4RC1/Zend/zend_vm_execute.h:474
#10 0x000055729029e7e1 in zend_execute_scripts (type=8, retval=0x0, file_count=3) at /tmp/php-src-php-7.1.4RC1/Zend/zend.c:1476
#11 0x0000557290204297 in php_execute_script (primary_file=0x7ffc82139320) at /tmp/php-src-php-7.1.4RC1/main/main.c:2537
#12 0x0000557290388413 in do_cli (argc=2, argv=0x557291556a70) at /tmp/php-src-php-7.1.4RC1/sapi/cli/php_cli.c:993
#13 0x00005572903895e6 in main (argc=2, argv=0x557291556a70) at /tmp/php-src-php-7.1.4RC1/sapi/cli/php_cli.c:1381
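Added illustration, not the reporter's gist and not PHP's own code: frame #0 sits at address 0x1, which is what SIG_IGN expands to on glibc, so this trace is consistent with a runtime that chains to a saved previous signal handler without first checking for SIG_IGN/SIG_DFL. The C below shows that unchecked chaining beside a checked form and probes it on SIGUSR1; that a background job of a non-interactive bash inherits SIGINT ignored is an assumption about this report, not something the backtrace proves.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <string.h>

/* Counts how often the "previous" handler was really invoked. */
static volatile sig_atomic_t prev_handler_runs = 0;

static void prev_handler(int signo) { (void)signo; prev_handler_runs++; }
static void runtime_handler(int signo) { (void)signo; }

/* UNSAFE chaining, the shape the backtrace suggests: the saved sa_handler is
 * called through without checking for SIG_IGN ((void *)1 on glibc) or SIG_DFL
 * ((void *)0). If the signal was ignored, this jumps to address 1, the PC in
 * frame #0 of the core dump. Shown for illustration; never call it. */
void chain_unsafe(const struct sigaction *old, int signo) {
    old->sa_handler(signo);
}

/* SAFE chaining: only call through the pointer when it is a real function.
 * Returns 1 if a previous handler ran, 0 if the disposition was SIG_IGN/SIG_DFL. */
int chain_safe(const struct sigaction *old, int signo, siginfo_t *si, void *ctx) {
    if (old->sa_handler == SIG_IGN || old->sa_handler == SIG_DFL)
        return 0;
    if (old->sa_flags & SA_SIGINFO)
        old->sa_sigaction(signo, si, ctx);
    else
        old->sa_handler(signo);
    return 1;
}

/* Reproduces the saved-disposition problem on a harmless signal.
 * pre_ignore=1 models the bash case (assumption: the job started with the
 * signal already ignored); pre_ignore=0 models a shell that left a real
 * handler in place. Installs the runtime handler, saves the old disposition,
 * chains safely, then restores the process state as it was found. */
int probe_chain(int signo, int pre_ignore) {
    struct sigaction ours, old;
    memset(&ours, 0, sizeof ours);
    sigemptyset(&ours.sa_mask);
    ours.sa_handler = runtime_handler;
    signal(signo, pre_ignore ? SIG_IGN : prev_handler);  /* what the runtime inherits */
    if (sigaction(signo, &ours, &old) != 0)
        return -1;
    int rc = chain_safe(&old, signo, NULL, NULL);         /* chain_unsafe would crash if pre_ignore */
    sigaction(signo, &old, NULL);
    return rc;
}
```

The fix on the runtime side is the check in chain_safe (or leaving an ignored signal ignored when registering); the fix on the wrapper side is to make sure the child does not start with the signal ignored.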